Windows FTP Logs

I have just downloaded LogParser to hopefully assist me in monitoring our Windows FTP logs. LogParser looks like a great tool, but I really need a quick start. Does anyone have examples of monitoring Windows FTP logs for things such as login failures, login attempts as Anonymous, a list of IP addresses that have accessed the FTP site, etc.? I would appreciate any and all script examples, from the very basic to the more advanced. I believe the format of our FTP logs would be considered "IISW3C". I'd really like to be able to read the logs in real time, and as I read each event, ship each event to our centralized syslog on an HP-UX UNIX server. If you have ideas on how to set something like this up, I'd appreciate that as well. Thanks in advance!

Re: Windows FTP Logs

I haven't seen the formatting on the Win FTP format files, but as you said, it is probably similar in format to the IIS formats. You can try a basic query with LogParser using the -queryinfo option at the end to see what LP will return.

If it can parse the file correctly it will return column heads and field types for each entry, without additional help. If not, specify an input format -i:iisw3c or -i:iis at the end and see if you get better results.

If these don't provide what you are looking for, you can always use CSV or TSV formats, along with a header file to define each column head. I have done this for my Exchange 5.5 tracking logs (as they don't use IIS - SMTP until 2000 or 2003). The online help can help with formatting your command line ("logparser -? -i:csv").

Gabriele's book is wonderful and I'd suggest picking one up. (Got mine at Barnes!). Lots of examples to help point you in the right direction.
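
The three reports asked for in the question (failed logins, Anonymous login attempts, and the list of client IPs) can be sketched outside LogParser as well. The following is an added example, not part of either post: it reads the W3C `#Fields:` header to name the columns, and it assumes the field names `c-ip`, `cs-method`, `cs-uri-stem` and `sc-status`, a `[n]` session prefix on `cs-method`, and the standard FTP reply code 530 for a rejected login. The sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in W3C extended format. The [n] session prefix on
# cs-method and the field set are assumptions about the FTP log layout.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
08:00:01 192.0.2.10 [1]USER anonymous 331
08:00:02 192.0.2.10 [1]PASS guest@example.com 230
08:01:10 198.51.100.7 [2]USER administrator 331
08:01:11 198.51.100.7 [2]PASS - 530
08:01:15 198.51.100.7 [3]USER administrator 331
08:01:16 198.51.100.7 [3]PASS - 530
08:02:30 203.0.113.5 [4]USER alice 331
08:02:31 203.0.113.5 [4]PASS - 230
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header may change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) != len(fields):     # skip truncated or malformed rows
                continue
            rec = dict(zip(fields, values))
            # Drop the "[n]" session prefix so the FTP verb can be compared.
            rec["cs-method"] = re.sub(r"^\[\d+\]", "", rec.get("cs-method", "")).upper()
            yield rec

def summarize(text):
    """Return (failed logins per IP, anonymous attempts per IP, sorted client IPs)."""
    failed, anonymous, clients = Counter(), Counter(), set()
    for rec in parse_w3c(text):
        ip = rec.get("c-ip", "-")
        clients.add(ip)
        # 530 is the FTP "not logged in" reply to a rejected PASS.
        if rec["cs-method"] == "PASS" and rec.get("sc-status") == "530":
            failed[ip] += 1
        if rec["cs-method"] == "USER" and rec.get("cs-uri-stem", "").lower() == "anonymous":
            anonymous[ip] += 1
    return failed, anonymous, sorted(clients)

if __name__ == "__main__":
    failed, anonymous, clients = summarize(SAMPLE_LOG)
    print("failed logins:", dict(failed))
    print("anonymous attempts:", dict(anonymous))
    print("client IPs:", clients)
```
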